From: Christoph Hellwig <hch@lst.de>
To: Kanchan Joshi <joshi.k@samsung.com>
Cc: hch@lst.de, kbusch@kernel.org, sagi@grimberg.me, axboe@kernel.dk,
linux-nvme@lists.infradead.org, gost.dev@samsung.com
Subject: Re: [PATCH for-next 1/2] nvme: add the permission-policy for command control
Date: Tue, 27 Sep 2022 09:31:09 +0200 [thread overview]
Message-ID: <20220927073109.GA16831@lst.de> (raw)
In-Reply-To: <20220926145430.81658-2-joshi.k@samsung.com>
> +bool nvme_cmd_allowed(struct nvme_ns *ns, u8 opcode, fmode_t mode)
This adds an unused function, so I think it should be merged into the
next patch to have one coherent change.
> +{
> + /* root can do anything */
> + if (capable(CAP_SYS_ADMIN))
> + return true;
> + /* admin commands are not allowed */
Empty lines between the check would be nice for readability.
> + if (ns == NULL)
if (!ns)
> + /* exclude vendor-specific io and fabrics commands */
> + if (opcode >= nvme_cmd_vendor_start ||
> + opcode== nvme_fabrics_command)
Odd indentation here, this should be:
if (opcode >= nvme_cmd_vendor_start || opcode == nvme_fabrics_command)
> + /* allow write cmds only if matching FMODE is present */
> + if (opcode & 1)
> + return mode & FMODE_WRITE;
> + /* allow read cmds */
/* allow read cmds when the device permissions allow access */
next prev parent reply other threads:[~2022-09-27 7:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20220926150436epcas5p4fd7f1945793cded05910da5c5094805e@epcas5p4.samsung.com>
2022-09-26 14:54 ` [PATCH for-next 0/2] Fine-granular CAP_SYS_ADMIN Kanchan Joshi
2022-09-26 14:54 ` [PATCH for-next 1/2] nvme: add the permission-policy for command control Kanchan Joshi
2022-09-26 22:25 ` Chaitanya Kulkarni
2022-09-27 7:31 ` Christoph Hellwig [this message]
2022-09-26 14:54 ` [PATCH for-next 2/2] nvme: Make CAP_SYS_ADMIN fine-granular Kanchan Joshi
2022-09-26 22:30 ` Chaitanya Kulkarni
2022-09-27 17:06 ` Kanchan Joshi
2022-09-27 7:32 ` Christoph Hellwig
2022-09-27 17:50 ` Kanchan Joshi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220927073109.GA16831@lst.de \
--to=hch@lst.de \
--cc=axboe@kernel.dk \
--cc=gost.dev@samsung.com \
--cc=joshi.k@samsung.com \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.